Greatly Reduce SPAM

Spam is an unavoidable part of running email, but you can dramatically reduce how much of it reaches your inbox. Ultra Web Hosting servers include SpamAssassin and several other tools that, when configured properly, catch the vast majority of junk mail before you ever see it.

01. Enable and Configure SpamAssassin

SpamAssassin is a server-side spam filter that scores every incoming email. Messages that score above a threshold (default: 5) are flagged as spam. You can choose to either flag them (add "***SPAM***" to the subject line so you can filter them in your email client) or auto-delete them.

1. Log into cPanel at my.ultrawebhosting.com
2. Go to Email > Spam Filters (or "Apache SpamAssassin" in older cPanel themes)
3. Click "Enable Apache SpamAssassin" if it is not already on
4. Enable "Auto-Delete Spam" - This prevents spam from ever reaching your inbox
5. Set the spam score threshold - 5 is the default and is a good starting point. If you still get spam, lower it to 4. If legitimate emails are being caught, raise it to 6 or 7.

02. Set Up Email Filters

cPanel's email filters let you create rules that act on incoming messages based on sender, subject, headers, or body content. These are useful for catching spam that gets past SpamAssassin.

In cPanel, go to Email > Email Filters (for per-account filters) or Global Email Filters (for rules that apply to all accounts).

Useful filter examples:

• Discard messages with specific subject words - If you keep getting spam with "Nigerian prince" or "Bitcoin investment" in the subject, create a filter to discard those automatically.
• Filter by SpamAssassin score - Create a filter where "SpamAssassin Spam Header" contains "Yes" and set the action to "Discard Message."
• Block entire domains - If spam consistently comes from a particular domain, filter on "From" contains "@spamdomain.com" and discard.

03. BoxTrapper Challenge-Response

BoxTrapper is a challenge-response system available in cPanel. When someone emails you for the first time, BoxTrapper holds their message and sends back a verification email. The sender must click a link to confirm they are a real person before their email is delivered to you.

To enable it: cPanel > Email > BoxTrapper.

04. Email Authentication (SPF, DKIM, DMARC)

Email authentication records do not directly stop spam from reaching your inbox, but they prevent spammers from spoofing your domain to send spam as you. This protects your domain's reputation and ensures your own outgoing emails do not get flagged as spam by other servers.

We have a detailed guide on this topic: Understanding Email Authentication: SPF, DKIM, and DMARC

In short:

• SPF - Tells receiving servers which mail servers are allowed to send email for your domain
• DKIM - Adds a digital signature to your outgoing emails that receiving servers can verify
• DMARC - Tells receiving servers what to do when SPF or DKIM checks fail (quarantine, reject, or do nothing)

cPanel automatically configures SPF and DKIM records when your account is created. Check that they are active under Email > Email Deliverability in cPanel.

05. Block Specific Senders and Domains

If you know exactly who is sending you spam:

• In cPanel - Use Email Filters to discard messages from specific addresses or domains
• In Roundcube - Right-click a spam message, select "Mark as spam" or add the sender to your blocked list under Settings > Filters
• In your desktop client - Most email apps (Outlook, Thunderbird, Apple Mail) have built-in block sender features that work alongside server-side filtering

06. Good Habits That Reduce Spam

• Never reply to spam - Replying confirms your address is active and leads to more spam.
• Do not unsubscribe from obvious spam - Legitimate companies honor unsubscribe requests. Spammers use the unsubscribe link to confirm your address. If you did not sign up for it, just delete it.
• Use a separate address for signups - Create an alias like signups@yourdomain.com for website registrations and newsletters. If it starts getting spam, you can filter or delete it without affecting your main address. See How to Create Email Accounts and Aliases.
• Do not publish your email address in plain text - Spammers harvest email addresses from websites. Use a contact form instead, or encode the address with JavaScript.
• Avoid catch-all accounts - A catch-all address receives email for any address at your domain, including random addresses that spammers guess.

07. Third-Party Spam Filtering

If SpamAssassin is not catching enough spam, you can route your email through a third-party filtering service before it reaches your hosting account. These services have much larger spam databases and machine learning models that catch more sophisticated spam.

Popular options include:

• Google Workspace - If you use Google Workspace with your domain, Google's spam filtering is among the best in the industry.
• SpamExperts / SpamTitan - Dedicated email filtering services that sit between the internet and your server.
• Microsoft 365 - Another option with strong built-in spam and phishing protection.

These services work by changing your domain's MX records to point to their servers first. They filter the spam and forward clean email to your hosting account. See How to Change Your MX Records for the technical setup.

Quick Recap

1. Enable SpamAssassin with auto-delete - cPanel > Email > Spam Filters, score threshold of 5
2. Create email filters - Discard messages matching known spam patterns
3. Verify SPF and DKIM are active - cPanel > Email > Email Deliverability
4. Never reply to spam or click unsubscribe on unsolicited messages
5. Consider Google Workspace or another filtering service for heavy spam problems

Helping users take control of their inbox · Last updated March 2026 · Browse all Email articles